The position of CISO, Chief Information Security Officer, has evolved significantly over the last few years. It has become a standalone position and is no longer just a title slapped on to an existing employee’s responsibilities. This new CISO has the responsibility, and ultimately accountability, to think proactively safeguarding the confidentiality, integrity, and availability of Read more…

These days no organization can completely avoid dealing with third parties, which by doing so gives them a competitive advantage, lesser cost, and ultimately increase profits but these relationships present one with multiple risks. With the threat of security breaches, supply chain disruptions, data theft, or reputational damage stemming from third-parties, it is essential for Read more…

Service Organization Control (SOC) reports have become more and more important to the world of information security and compliance since being introduced by the American Institute of CPAs (AICPA) in 2011. This is particularly the case for SOC 2, which focuses on availability, confidentiality, privacy, processing integrity, and security as its trust services criteria or Read more…

Which security baseline do you need under the Federal Risk and Authorization Management Program (FedRAMP)? Is it low, moderate, or high? While choosing to utilize cloud services has the added benefits of flexibility, increased collaboration, and lower upfront investments, it can also bring about increased risks, and for that reason, the US federal government has Read more…

Last April 2016, the European Union (EU) Parliament adopted the General Data Protection Regulation (GDPR) to replace the now defunct Data Protection Directive 95/46/EC. GDPR was put in place to bolster and consolidate data protection in the EU and is not only applicable to companies located within the EU, but also to those outside its Read more…

While recent years have seen a spike in new forms of cyber attacks that increasingly threaten not only governments but also companies, information security management just got a recent boost. On May 11, 2017, US President Donald Trump signed an executive order meant to fortify federal government cyber security measures and guard critical infrastructure from Read more…

While cloud solutions have made it possible to make computer systems more efficient and effective, the federal IT infrastructure has had a hard time adopting this innovation. Saddled by redundant, time-consuming, costly, and inefficient systems, the federal government has found it hard to secure its IT systems without throwing hundreds of millions of dollars down Read more…

Performing a risk assessment is a central part of the ISO 27001 process directed to implementing an ISMS (Information Security Management System). How could you protect any sort of environment without being fully aware of impending threats, the exposition level, and variables such as the likelihood of occurrence and estimated level of impact? Understanding all Read more…

From an information security management point of view, complying with the required laws, regulations and contractual obligations can be as much of a challenge as dealing with the ever-evolving threat landscape and new forms of attacks.  What many organizations fail to understand is that both are equally important. Mandatory requirements can come in the form Read more…